This is a discussion on [Snort-users] Re: [Snort-sigs] Packet Payload database? within the Snort forums, part of the System Security and Security Related category.
Hi,

You can find good help at http://www.giac.org/GCIA.php. The book Intrusion Signatures and Analysis is also a good resource.

Best Regards,
Rodrigo Ramos
http://www.triforsec.com.br

On Fri, 2004-05-21 at 17:50, Scott Zawalski wrote:
> Is there a database available to the public that has captures of what
> some of these rules are looking for? I have looked around and not been
> able to find one.
>
> If older rules have broad definitions that later on produce false
> positives, people cannot improve them without knowing what the rule was
> originally constructed for. With a database like this available it will
> help older rules be even more fine-tuned as newer net traffic
> (homegrown apps) might incorporate traffic bits that produce false
> positives.
>
> I think that something along these lines would fit in perfectly with the
> current snort-rules documentation and would be easy to keep up to date.
> As new rules come up simply attach the payload you produced it from.
>
> Scott